如何对访问数据WCF asp.net的JWT进行身份验证/验证 [英] How to authenticate/validate JWT for accessing data WCF asp.net
问题描述
我偶然发现要使用带有安全令牌Json Web令牌(JWT)的WCF静态API.我已经为用户创建了注册和登录(在此处创建了jwt)服务.现在,我不确定在访问数据时如何根据用户的每个请求对JWT进行身份验证. 这是我创建JWT所遵循的链接.
I came accross to work with WCF restful API's with security tokens Json Web Token (JWT). I've created registration and login (created jwt here) service for user. Now I'm unsure about how to authenticate JWT on each request of user while accessing data. Here is the link that I followed for creating JWT.
https://www.c-sharpcorner. com/article/wcf-service-with-jwt-token/
这是带有用户信息和JWT的响应对象
here is the response object with user info and JWT
{
"response": "true",
"UData": {
"token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VyIjoibWxpYXFhdDQxNUBnbWFpbC5jb20iLCJwYXNzIjoiMzMzIiwiaWF0IjoiMTU5MzYwNTY0MCJ9.JAeBj0VAJJtCVwbTMrgz_F6ZQWdjYcZFUsif5qLHPGo",
"authenticated": true,
"UserID": "4",
"FullName": "Hellen Waock",
"UNo": null,
"Email": "hellenwaockofficial@gmail.com",
"timestamp": "2020-07-01T17:14:00.355758+05:00"
}
}
现在,我正在为get_AllUsers创建服务,但是我想在访问get_AllUsers时使用JWT. 还有一点要问,在上面的链接中,我找到了要粘贴到webconfig中的一行代码,我将该代码粘贴到了各种标签中,但是出现了一些错误,任何人都可以帮助您将该行粘贴到哪里. 预先感谢
Now I'm creating a service for get_AllUsers, but I want to consume JWT, while accessing get_AllUsers. Another point to ask, In the above link I followed, I found a line of code to paste in webconfig, I pasted that in various tag but got some error, anybody could help about where to paste that line. Thanks in advance
推荐答案
您可以对获取的JWT进行解码,解码后将获得编码前的数据,然后可以验证此数据.在您的项目中,您可以对在调用get_AllUsers之前获得了JWT,然后验证解码的数据.
You can decode the obtained JWT, after decoding you will get the data before encoding, and then you can verify this data.In your project, you can decode the obtained JWT before calling get_AllUsers, and then verify the decoded data.
链接中的JWT解码方法如下:
The JWT decode method in the link is as follows:
public string DeJwt(string token) {
byte[] secretKey = Base64UrlDecode("Hi");
string Json = Jose.JWT.Decode(token, secretKey);
return Json;
}
返回的json是解码后的数据,包括用户名和密码,您可以对其进行验证.
The returned json is the decoded data, including username and password, you can verify it.
Jose-JWT还有其他编码和解码方法.链接中的示例只是其中之一.您可以参考下面的链接以获取更多信息:
Jose-JWT has other encode and decode methods. The example in the link is just one of them. You can refer to the link below for more information:
https://github.com/dvsekhvalnov/jose-jwt
是否由于添加了以下代码行而在web.config中接收到错误?
Is the error received in web.config because the following line of code was added?
<serviceAuthorization serviceAuthorizationManagerType="WcfService1.DistributorValidator, WcfService"/>
此行代码应添加到服务行为中,如下所示:
This line of code should be added to the behavior of the service as shown below:
<serviceBehaviors>
<behavior name="ServiceBehavior">
<serviceAuthorization serviceAuthorizationManagerType="Demo_rest_ConsoleApp.DistributorValidator, Demo-rest-ConsoleApp"/>
<serviceMetadata httpGetEnabled="true"/>
</behavior>
</serviceBehaviors>
更新
在WCF中,您可以通过实现IDispatchMessageInspector接口来拦截所有请求.
In WCF, you can intercept all requests by implementing the IDispatchMessageInspector interface.
public class ServerMessageLogger : IDispatchMessageInspector
{
public object AfterReceiveRequest(ref Message request, IClientChannel channel, InstanceContext instanceContext)
{
return null;
}
public void BeforeSendReply(ref Message reply, object correlationState)
{
}
}
您可以使用AfterReceiveRequest方法处理所有传入请求.
You can process all incoming requests in the AfterReceiveRequest method.
最后,您需要将ServerMessageLogger添加到服务行为并将其应用于服务.
Finally you need to add ServerMessageLogger to the service behavior and apply to the service.
如果不确定如何将ServerMessageLogger添加到服务中,可以参考以下链接:
If you are not sure how to add ServerMessageLogger to the service, you can refer to this link:
这篇关于如何对访问数据WCF asp.net的JWT进行身份验证/验证的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
